Credit: The Hacker News
Adobe has today released its monthly security updates to address a total of 75 security vulnerabilities across its various products, 71 of which resides in Adobe Acrobat and Reader alone.
February 2019 patch Tuesday updates address several critical and important vulnerabilities in Adobe Acrobat Reader DC, Adobe Coldfusion, Creative Cloud Desktop Application, and Adobe Flash Player for Windows, macOS, Linux, and Chrome OS.
According to the advisory released today, 43 out of 71 vulnerabilities addressed by Adobe in Acrobat and Reader are rated as critical in severity, most of which could lead to arbitrary code execution in the context of the current user upon successful exploitation.
The update also includes a permanent fix for a critical, publicly disclosed zero-day vulnerability (CVE 2019-7089) impacting Adobe Reader that could allow remote attackers to steal targeted Windows NTLM hash passwords just by tricking victims into opening a specially crafted PDF file.
Another advisory related to Adobe Flash Player, which will receive security patch updates until the end of 2020, reveals the existence of an important out-of-bounds read vulnerability (CVE-2019-7090) that could lead to information disclosure.
ColdFusion, Adobe’s commercial rapid web application development platform, also receives patches for a critical arbitrary code execution flaw and an important cross-site scripting vulnerability that could result in information disclosure.
Adobe also releases security patches for an important privilege escalation vulnerability (CVE-2019-7093) in its Creative Cloud Desktop Application versions 126.96.36.1990 and earlier.
The company says it is not aware of any in-the-wild exploit for the vulnerabilities addressed in its February 2019 Patch Tuesday updates.
Users of the affected Adobe software and apps for Windows and macOS systems are highly recommended to update their software packages to the latest versions as soon as possible.